SA1 Update at AARC2 All Hands Meeting, Amsterdam November 2017



SA1 Update at AARC2 All Hands Meeting, Amsterdam, 21-23 November 2017
Arnout Terpstra (SURFnet), SA1 (Pilots) Activity Lead
AARC2 All Hands Meeting @ Nikhef - Amsterdam - 21-23 November 2017

SA1 Objectives (1)
- Pilot (selected) research community use-cases: Mario (GARR), Kostas (GRNET)
- Support e-Infrastructures to deploy the AARC approach and increase interoperability: Diego (EGI), Peter (EGI)
- Pilot advanced use-cases, new solutions and approaches: Kostas (GRNET), Ioannis (GRNET)
- Showcase results and deployment scenarios, and write documentation: Andrea (RETI)

I myself joined AARC2 in June this year, so I'm relatively new compared to many other participants. Interestingly though, I've already had to manage some personnel changes: both the Task Leads for T2 and T3 have left or are leaving within the first 6 months of the project... Should I be worried about the correlation? ;-)

SA1 Objectives (2): Technology Readiness Levels
- "All AARC2 results will be at TRL8." TRL6 -> TRL7 -> TRL8
- Strong focus on (pre-)production AAI, as opposed to trying out new cool stuff?
- Communities: build or buy?
- e-Infrastructures: prepare?

Preparing sustainability plans is out of scope for SA1. This is mostly work for the e-Infrastructures: communities will likely look to them to run their AAI infrastructure. CORBEL is already this far, but we'll come back to that later. Use different names: technology proof (TRL 6), pilot (TRL 8), etc.

Research Communities in SA1.1
- LIGO - Physics: gravitational waves
- CTA - Physics: astronomy
- EPOS - Earth science
- LifeWatch - Life sciences
- WLCG - Physics: HEP
- EISCAT-3D - Physics: atmospheric physics
- HelixNebula - Hybrid cloud infrastructure
- CORBEL - Life sciences / bioinformatics
Wiki URL:

Goal for this F2F: translate the requirements (gathered in interviews) into concrete pilot proposals / architectures. Method: sessions tomorrow, jointly drawing the architecture. After the F2F: finalise the pilot intake forms (links will follow in the next slides).

1. LIGO
- Simplifying the complex user and account provisioning workflow on their distributed clusters (e.g. manual addition of users to the various clusters)
- Integrating services and computing resources into a federated provisioning model (federated access to non-web applications)
- SSH access to VMs
- Data Replicator
- SAML-to-X.509 token translation

2. CTA
- IdP/SP proxy (Shibboleth)
- COmanage (installed) + Grouper (currently working on it)
- Adopting Sirtfi
- Enhancing the LoA associated with identities: Cappuccino
- Catch-all IdP
- Linking local (standalone IdP) identities to federated (eduGAIN) ones
- TIER approach

3. EPOS
- Guest users (only 40% of users are within eduGAIN)
- Identity vetting
- Group/role-based access to instrumental data
- Integration with EGI Check-in
- Attribute Authority (Unity)
- Token translation

EPOS is interested in distributed attribute management, so perhaps a pilot where the EPOS AAI, based on Unity, acts as an Attribute Authority towards the e-infrastructure AAIs. Ideally EPOS users should be able to use EPOS services and generic e-infrastructure services as a united set, regardless of who operates them.

4. LifeWatch
- IdP/SP proxy
- Account linking / token translation (ORCID as IdP?)
- Citizen scientists
- Integration with EGI Check-in?

5. WLCG
- Enable WLCG VO membership registration with non-certificate credentials, for both new and existing users (the credentials should have sufficient LoA and be integrated with our identity vetting process)
- Enable (largely) transparent command-line functionality for non-certificate users
- Production infrastructure

6. EISCAT_3D
- Big data sizes involved: many thousands of users and many petabytes of data
- Some form of moderated data access control
- Guest user access
- Policies?

7. HelixNebula: https://wiki.geant.org/pages/viewpage.action
- Partnership with commercial providers, helping them integrate their services with eduGAIN
- Project is (nearly) finished
- Valuable lessons learned for eduGAIN, e.g. it was unclear to them how eduGAIN works; attribute release problems
- But: we're still talking to them to see what AARC can do for them

8. CORBEL
- Policy and sustainability of their operational model
- Splitting the governance of fundamental services between e-Infra and Research-Infra in a well-defined way
- Governance model to ensure sustainability
- At the forefront of the BPA: a structured AAI model is already in place, including Bona Fide management, data access entitlement and operational workflows
- The e-Infras submitted a combined proposal (EGI, GÉANT, EUDAT)

Key point: looking for a sustainable operational model using the existing e-Infras. Also, AAI platform alignment (LoA, unique ID...) with other e-infrastructures. Piloting with Task 2 - policy harmonization - alignment document. Internal harmonization work among the different research infras - how to deploy something for an open

e-Infrastructure Providers and interoperability pilots in SA1.2
- EGI
- EUDAT
- PRACE
- GÉANT
- DARIAH
Wiki URL:

EGI-EUDAT: https://wiki.geant.org/pages/viewpage.action
- Full interoperability between EGI Check-in and EUDAT B2ACCESS
- User communities already integrated in one infrastructure should be able to use services from the other infrastructure in an almost transparent way
- Define and implement a workflow to exchange authentication and authorization information between EGI and EUDAT (both ways): identity information, LoA information, group information

EGI-EUDAT: Lead & Timelines
- EGI: Diego Scardaci, Peter Solagna
- EUDAT: Willem Elbers
- GRNET: Nicolas Liampotis

EGI-DARIAH
The pilot consists of two parts:
- Part 1: Implementation of an SP/IdP proxy in the DARIAH AAI, compliant with the AARC Blueprint Architecture and implementing the AARC recommendations & guidelines; based on Shibboleth
- Part 2: Interoperability pilot between EGI and DARIAH
Timeline: Part 1 until Q1 2018; interoperability pilot (Part 2) afterwards
Concept on: Feel free to comment!
People: DAASI: David Hübner, Peter Gietz; EGI: Diego Scardaci, Peter Solagna

Deadlines are still a bit vague and need some work. Status: initial call in October; the Part 1 proxy is running as a PoC; more features to be implemented in the coming 2-3 months, e.g. ePUID as identifier and the AARC group membership recommendations.

EUDAT-PRACE: Goals
PRACE LDAP - B2ACCESS synchronization:
- Entity/identity provisioning in B2ACCESS based on an LDAP search filter (branch, attributes)
- Only users who accepted the terms and conditions
- Assignment to B2ACCESS groups based on LDAP filters; the admin may still manually assign an entity to additional groups, define attributes or disable it
- Users processed in bulk, periodically
B2ACCESS - B2STAGE/B2SAFE synchronization:
- B2SAFE account provisioning and DN mapping (1-1) on demand
- Assignment to B2SAFE groups based on B2ACCESS group membership
- Support for certificates: used as B2ACCESS credentials (e.g. IGTF) or generated by B2ACCESS
- A single user is processed online, just before the standard authorization

Very high-level goals: provision PRACE users in EUDAT B2ACCESS; provision B2ACCESS users in B2SAFE/B2STAGE.
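As an added illustration (not EUDAT or PRACE code) of the two synchronization steps on this slide, the following Python models the bulk PRACE LDAP to B2ACCESS provisioning (branch filter, terms-and-conditions gate, filter-based groups, surviving admin overrides) and the on-demand 1-1 B2SAFE DN mapping; the LDAP entries, the praceTermsAccepted attribute, the group rules and the DN format are all constructed assumptions.

```python
# Added illustration of the sync rules on this slide (not EUDAT or PRACE code):
# LDAP entries, the praceTermsAccepted attribute, the group rules and the DN
# format are all constructed for the example.
PRACE_BRANCH = "ou=users,dc=prace,dc=example"
HPC_A = "cn=hpc-a,ou=groups,dc=prace,dc=example"
HPC_B = "cn=hpc-b,ou=groups,dc=prace,dc=example"
# Constructed stand-in for an LDAP search result: (dn, attributes).
LDAP_ENTRIES = [
    ("uid=alice," + PRACE_BRANCH, {"memberOf": [HPC_A], "praceTermsAccepted": ["TRUE"]}),
    ("uid=bob," + PRACE_BRANCH, {"memberOf": [HPC_B], "praceTermsAccepted": ["FALSE"]}),
    ("uid=carol,ou=staff,dc=prace,dc=example", {"memberOf": [HPC_A], "praceTermsAccepted": ["TRUE"]}),
    ("uid=dave," + PRACE_BRANCH, {"memberOf": [HPC_A, HPC_B], "praceTermsAccepted": ["TRUE"]}),
]
# "Assigning to B2ACCESS groups based on LDAP filter": (attribute, value) -> group.
GROUP_RULES = [("memberOf", HPC_A, "prace-hpc-a"), ("memberOf", HPC_B, "prace-hpc-b")]
# Manual admin decisions that must survive every bulk run (hypothetical store).
ADMIN_OVERRIDES = {"alice": {"extra_groups": {"eudat-pilot"}}, "dave": {"disabled": True}}
B2SAFE_GROUPS = {"prace-hpc-a": "hpc_a_zone", "prace-hpc-b": "hpc_b_zone"}  # constructed mapping


def rdn_value(dn):
    """Value of the leading RDN: 'alice' for 'uid=alice,ou=users,...'."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def provision_b2access(entries, branch, rules, overrides):
    """Bulk step (PRACE LDAP -> B2ACCESS): returns {uid: {"groups", "disabled"}}."""
    result = {}
    for dn, attrs in entries:
        if not dn.endswith("," + branch):                        # LDAP branch filter
            continue
        if attrs.get("praceTermsAccepted", ["FALSE"])[0] != "TRUE":  # only users who accepted T&C
            continue
        uid = rdn_value(dn)
        groups = {grp for attr, val, grp in rules if val in attrs.get(attr, [])}
        override = overrides.get(uid, {})
        groups |= set(override.get("extra_groups", ()))         # admin may add groups ...
        result[uid] = {"groups": groups, "disabled": bool(override.get("disabled"))}  # ... or disable
    return result


def b2safe_on_demand(uid, provisioned, dn_map):
    """Online step for one user (B2ACCESS -> B2SAFE), run just before authorization; DN map stays 1-1."""
    info = provisioned.get(uid)
    if info is None or info["disabled"]:
        return None
    dn = "/O=B2ACCESS/CN=" + uid                                 # hypothetical DN format
    if dn_map.setdefault(dn, uid) != uid:                        # DN already owned by another uid
        raise ValueError("DN collision for " + dn)
    return dn, sorted(B2SAFE_GROUPS[g] for g in info["groups"] if g in B2SAFE_GROUPS)
```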

EUDAT-PRACE: Status & People
- The work in progress was presented to EUDAT during the developers meeting in October
- The work was generally accepted and it was decided to put it into production
- Some enhancements were suggested (regarding efficiency in particular)
- The deployment agenda was agreed
- Implementation (including the suggestions) finished in mid-November
- Documentation in progress
- Deployment in a couple of production services planned until the end of December
- Real-life tests, corrections, enhancements...
- Expressing the user's agreement to the terms and conditions, processing personal data, etc. in compliance with the GÉANT Data Protection Code of Conduct and local policies - to be discussed and clarified
People: EUDAT: Willem Elbers; EUDAT/PRACE: Claudio Cacciari, Giuseppe Fiameni; PRACE: Michal Jankowski, Ralph Niederberger

EGI-GÉANT-EUDAT
- CORBEL / Life Sciences infrastructure proposal
- Combined AAI between EGI, GÉANT and EUDAT
- To be further discussed on Thursday

T1 Pilots schedule (timeline chart; axis ticks from 1 May 2017 to 1 November 2018, individual pilot bars not recoverable from the transcript)

T2 Pilots schedule (timeline chart; axis ticks from 1 August 2017 to 1 November 2018, individual pilot bars not recoverable from the transcript)


What's next?
- Now: F2F meeting, translate requirements into concrete proposals/architectures; interactive session tomorrow morning, details will follow
- Soon: another plug-fest (Q1/Q2 next year); when?
- Soon: first deliverable (due 30 April 2018): DSA1.1 First Results on Research Communities Pilots. Prepare!